Failed again ISSMP 23rd September
I think the heading says it all; original post is here:
http://www.techexams.net/forums/isc-sscp-cissp/127716-failing-cissp-issmp-exam-24th-june-17-a.html
Marks this time 619. Last was 564. Improvement, but at a cost of 1400$ on studying material. Real loser I'm. I need you guys' help to clear the confusion. I have used 600+ CISM exam questions
link here
https://www.exam-labs.com/exam/CISM?viewall=1
but the confusion remains. For e.g.:
1) When a vulnerability is found, should the security officer first report to it management or assess the likelihood? In my opinion there is no point in going to management if you don't have the impact analysis done.
2) On ethics: if a former employee is contacted, should he help the new employer answer personal questions, or put the questions to other dept and decline the request?
3) Are controls here to provide acceptable ranges or parameters, or are they here to determine assessment requirements? Acceptable ranges, that's where standards exist? But I can be wrong; any suggestions?
4) Can a security manager in any case have risk acceptance authority?
5) Operational security can be best ensured via security controls in terms of policies that are embedded in approved documentation or be present operational security guidelines to be audited annually? My view: if they are not documented they are never audited?
6) If an auditor is facing resistance from internal teams, should he ask the security manager to have their liaison ensure that the audit checklist is forwarded and communicated between auditor and target team?
My weakness is leadership, ethics and governance according to exam results. What can I do?
7) If some organization tells me about the type of business they are in, and informs me their business suffers no risk, and in discussion I can pick out an area, e.g. integrity, where the risk applies, should I recommend the risky area or suggest a full risk assessment? Also, there is no budget concern raised by the organization management. Which approach to follow?
Comments
-
kdotnoh Member Posts: 30
It's difficult to hear you couldn't meet the pass mark again. Concentration exams are mostly difficult. I am planning to write it in Dec. Maybe we can study together. In that case we sharpen each other for the exam. Get in touch if you are interested.
-
stryder144 Member Posts: 1,684
Just replying to the first point: you always contact management first to let them know what is going on and that you are going to provide a more detailed analysis once the investigation is complete. There are time-scales that need to be followed and any delay could look bad for the company.

The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
-
asadzz Member Posts: 14
I know it's hard, but I'm giving it next month. Money no issue. Respect and honor is. I will give this paper till I pass. You can msg me for details.
-
Kiill Registered Users Posts: 4
asadzz,
I've tried to contact you through the forum but I couldn't.
I'm taking the ISSMP next Tuesday.
I've read the CBK and was pretty confident until I read about your journey and especially your opinion on the CBK content being not helpful at all during the exam.
I've passed the CISM recently; I'm counting on what I've read on this forum about the similarities in content.
I know we can't talk much about the exam content, but can you give some examples of topics that you now think should've been included in the CBK?